class Locker
Reads/writes project lockfile (composer.lock).
@author Konstantin Kudryashiv <ever.zet@gmail.com> @author Jordi Boggiano <j.boggiano@seld.be>
Hierarchy
- class \Composer\Package\Locker
Expanded class hierarchy of Locker
8 files declare their use of Locker
- AutoloadGenerator.php in vendor/
composer/ composer/ src/ Composer/ Autoload/ AutoloadGenerator.php - BumpCommand.php in vendor/
composer/ composer/ src/ Composer/ Command/ BumpCommand.php - Composer.php in vendor/
composer/ composer/ src/ Composer/ Composer.php - DiagnoseCommand.php in vendor/
composer/ composer/ src/ Composer/ Command/ DiagnoseCommand.php - Installer.php in vendor/
composer/ composer/ src/ Composer/ Installer.php
File
-
vendor/
composer/ composer/ src/ Composer/ Package/ Locker.php, line 37
Namespace
Composer\PackageView source
class Locker {
/** @var JsonFile */
private $lockFile;
/** @var InstallationManager */
private $installationManager;
/** @var string */
private $hash;
/** @var string */
private $contentHash;
/** @var ArrayLoader */
private $loader;
/** @var ArrayDumper */
private $dumper;
/** @var ProcessExecutor */
private $process;
/** @var mixed[]|null */
private $lockDataCache = null;
/** @var bool */
private $virtualFileWritten = false;
/**
* Initializes packages locker.
*
* @param JsonFile $lockFile lockfile loader
* @param InstallationManager $installationManager installation manager instance
* @param string $composerFileContents The contents of the composer file
*/
public function __construct(IOInterface $io, JsonFile $lockFile, InstallationManager $installationManager, string $composerFileContents, ?ProcessExecutor $process = null) {
$this->lockFile = $lockFile;
$this->installationManager = $installationManager;
$this->hash = hash('md5', $composerFileContents);
$this->contentHash = self::getContentHash($composerFileContents);
$this->loader = new ArrayLoader(null, true);
$this->dumper = new ArrayDumper();
$this->process = $process ?? new ProcessExecutor($io);
}
/**
* @internal
*/
public function getJsonFile() : JsonFile {
return $this->lockFile;
}
/**
* Returns the md5 hash of the sorted content of the composer file.
*
* @param string $composerFileContents The contents of the composer file.
*/
public static function getContentHash(string $composerFileContents) : string {
$content = JsonFile::parseJson($composerFileContents, 'composer.json');
$relevantKeys = [
'name',
'version',
'require',
'require-dev',
'conflict',
'replace',
'provide',
'minimum-stability',
'prefer-stable',
'repositories',
'extra',
];
$relevantContent = [];
foreach (array_intersect($relevantKeys, array_keys($content)) as $key) {
$relevantContent[$key] = $content[$key];
}
if (isset($content['config']['platform'])) {
$relevantContent['config']['platform'] = $content['config']['platform'];
}
ksort($relevantContent);
return hash('md5', JsonFile::encode($relevantContent, 0));
}
/**
* Checks whether locker has been locked (lockfile found).
*/
public function isLocked() : bool {
if (!$this->virtualFileWritten && !$this->lockFile
->exists()) {
return false;
}
$data = $this->getLockData();
return isset($data['packages']);
}
/**
* Checks whether the lock file is still up to date with the current hash
*/
public function isFresh() : bool {
$lock = $this->lockFile
->read();
if (!empty($lock['content-hash'])) {
// There is a content hash key, use that instead of the file hash
return $this->contentHash === $lock['content-hash'];
}
// BC support for old lock files without content-hash
if (!empty($lock['hash'])) {
return $this->hash === $lock['hash'];
}
// should not be reached unless the lock file is corrupted, so assume it's out of date
return false;
}
/**
* Searches and returns an array of locked packages, retrieved from registered repositories.
*
* @param bool $withDevReqs true to retrieve the locked dev packages
* @throws \RuntimeException
*/
public function getLockedRepository(bool $withDevReqs = false) : LockArrayRepository {
$lockData = $this->getLockData();
$packages = new LockArrayRepository();
$lockedPackages = $lockData['packages'];
if ($withDevReqs) {
if (isset($lockData['packages-dev'])) {
$lockedPackages = array_merge($lockedPackages, $lockData['packages-dev']);
}
else {
throw new \RuntimeException('The lock file does not contain require-dev information, run install with the --no-dev option or delete it and run composer update to generate a new lock file.');
}
}
if (empty($lockedPackages)) {
return $packages;
}
if (isset($lockedPackages[0]['name'])) {
$packageByName = [];
foreach ($lockedPackages as $info) {
$package = $this->loader
->load($info);
$packages->addPackage($package);
$packageByName[$package->getName()] = $package;
if ($package instanceof AliasPackage) {
$packageByName[$package->getAliasOf()
->getName()] = $package->getAliasOf();
}
}
if (isset($lockData['aliases'])) {
foreach ($lockData['aliases'] as $alias) {
if (isset($packageByName[$alias['package']])) {
$aliasPkg = new CompleteAliasPackage($packageByName[$alias['package']], $alias['alias_normalized'], $alias['alias']);
$aliasPkg->setRootPackageAlias(true);
$packages->addPackage($aliasPkg);
}
}
}
return $packages;
}
throw new \RuntimeException('Your composer.lock is invalid. Run "composer update" to generate a new one.');
}
/**
* @return string[] Names of dependencies installed through require-dev
*/
public function getDevPackageNames() : array {
$names = [];
$lockData = $this->getLockData();
if (isset($lockData['packages-dev'])) {
foreach ($lockData['packages-dev'] as $package) {
$names[] = strtolower($package['name']);
}
}
return $names;
}
/**
* Returns the platform requirements stored in the lock file
*
* @param bool $withDevReqs if true, the platform requirements from the require-dev block are also returned
* @return \Composer\Package\Link[]
*/
public function getPlatformRequirements(bool $withDevReqs = false) : array {
$lockData = $this->getLockData();
$requirements = [];
if (!empty($lockData['platform'])) {
$requirements = $this->loader
->parseLinks('__root__', '1.0.0', Link::TYPE_REQUIRE, $lockData['platform'] ?? []);
}
if ($withDevReqs && !empty($lockData['platform-dev'])) {
$devRequirements = $this->loader
->parseLinks('__root__', '1.0.0', Link::TYPE_REQUIRE, $lockData['platform-dev'] ?? []);
$requirements = array_merge($requirements, $devRequirements);
}
return $requirements;
}
/**
* @return key-of<BasePackage::STABILITIES>
*/
public function getMinimumStability() : string {
$lockData = $this->getLockData();
return $lockData['minimum-stability'] ?? 'stable';
}
/**
* @return array<string, string>
*/
public function getStabilityFlags() : array {
$lockData = $this->getLockData();
return $lockData['stability-flags'] ?? [];
}
public function getPreferStable() : ?bool {
$lockData = $this->getLockData();
// return null if not set to allow caller logic to choose the
// right behavior since old lock files have no prefer-stable
return $lockData['prefer-stable'] ?? null;
}
public function getPreferLowest() : ?bool {
$lockData = $this->getLockData();
// return null if not set to allow caller logic to choose the
// right behavior since old lock files have no prefer-lowest
return $lockData['prefer-lowest'] ?? null;
}
/**
* @return array<string, string>
*/
public function getPlatformOverrides() : array {
$lockData = $this->getLockData();
return $lockData['platform-overrides'] ?? [];
}
/**
* @return string[][]
*
* @phpstan-return list<array{package: string, version: string, alias: string, alias_normalized: string}>
*/
public function getAliases() : array {
$lockData = $this->getLockData();
return $lockData['aliases'] ?? [];
}
/**
* @return string
*/
public function getPluginApi() {
$lockData = $this->getLockData();
return $lockData['plugin-api-version'] ?? '1.1.0';
}
/**
* @return array<string, mixed>
*/
public function getLockData() : array {
if (null !== $this->lockDataCache) {
return $this->lockDataCache;
}
if (!$this->lockFile
->exists()) {
throw new \LogicException('No lockfile found. Unable to read locked packages');
}
return $this->lockDataCache = $this->lockFile
->read();
}
/**
* Locks provided data into lockfile.
*
* @param PackageInterface[] $packages array of packages
* @param PackageInterface[]|null $devPackages array of dev packages or null if installed without --dev
* @param array<string, string> $platformReqs array of package name => constraint for required platform packages
* @param array<string, string> $platformDevReqs array of package name => constraint for dev-required platform packages
* @param string[][] $aliases array of aliases
* @param array<string, int> $stabilityFlags
* @param array<string, string|false> $platformOverrides
* @param bool $write Whether to actually write data to disk, useful in tests and for --dry-run
*
* @phpstan-param list<array{package: string, version: string, alias: string, alias_normalized: string}> $aliases
*/
public function setLockData(array $packages, ?array $devPackages, array $platformReqs, array $platformDevReqs, array $aliases, string $minimumStability, array $stabilityFlags, bool $preferStable, bool $preferLowest, array $platformOverrides, bool $write = true) : bool {
// keep old default branch names normalized to DEFAULT_BRANCH_ALIAS for BC as that is how Composer 1 outputs the lock file
// when loading the lock file the version is anyway ignored in Composer 2, so it has no adverse effect
$aliases = array_map(static function ($alias) : array {
if (in_array($alias['version'], [
'dev-master',
'dev-trunk',
'dev-default',
], true)) {
$alias['version'] = VersionParser::DEFAULT_BRANCH_ALIAS;
}
return $alias;
}, $aliases);
$lock = [
'_readme' => [
'This file locks the dependencies of your project to a known state',
'Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies',
'This file is @gener' . 'ated automatically',
],
'content-hash' => $this->contentHash,
'packages' => $this->lockPackages($packages),
'packages-dev' => null,
'aliases' => $aliases,
'minimum-stability' => $minimumStability,
'stability-flags' => $stabilityFlags,
'prefer-stable' => $preferStable,
'prefer-lowest' => $preferLowest,
];
if (null !== $devPackages) {
$lock['packages-dev'] = $this->lockPackages($devPackages);
}
$lock['platform'] = $platformReqs;
$lock['platform-dev'] = $platformDevReqs;
if (\count($platformOverrides) > 0) {
$lock['platform-overrides'] = $platformOverrides;
}
$lock['plugin-api-version'] = PluginInterface::PLUGIN_API_VERSION;
$lock = $this->fixupJsonDataType($lock);
try {
$isLocked = $this->isLocked();
} catch (ParsingException $e) {
$isLocked = false;
}
if (!$isLocked || $lock !== $this->getLockData()) {
if ($write) {
$this->lockFile
->write($lock);
$this->lockDataCache = null;
$this->virtualFileWritten = false;
}
else {
$this->virtualFileWritten = true;
$this->lockDataCache = JsonFile::parseJson(JsonFile::encode($lock));
}
return true;
}
return false;
}
/**
* Updates the lock file's hash in-place from a given composer.json's JsonFile
*
* This does not reload or require any packages, and retains the filemtime of the lock file.
*
* Use this only to update the lock file hash after updating a composer.json in ways that are guaranteed NOT to impact the dependency resolution.
*
* This is a risky method, use carefully.
*
* @param (callable(array<string, mixed>): array<string, mixed>)|null $dataProcessor Receives the lock data and can process it before it gets written to disk
*/
public function updateHash(JsonFile $composerJson, ?callable $dataProcessor = null) : void {
$contents = file_get_contents($composerJson->getPath());
if (false === $contents) {
throw new \RuntimeException('Unable to read ' . $composerJson->getPath() . ' contents to update the lock file hash.');
}
$lockMtime = filemtime($this->lockFile
->getPath());
$lockData = $this->lockFile
->read();
$lockData['content-hash'] = Locker::getContentHash($contents);
if ($dataProcessor !== null) {
$lockData = $dataProcessor($lockData);
}
$this->lockFile
->write($this->fixupJsonDataType($lockData));
$this->lockDataCache = null;
$this->virtualFileWritten = false;
if (is_int($lockMtime)) {
@touch($this->lockFile
->getPath(), $lockMtime);
}
}
/**
* Ensures correct data types and ordering for the JSON lock format
*
* @param array<mixed> $lockData
* @return array<mixed>
*/
private function fixupJsonDataType(array $lockData) : array {
foreach ([
'stability-flags',
'platform',
'platform-dev',
] as $key) {
if (isset($lockData[$key]) && is_array($lockData[$key]) && \count($lockData[$key]) === 0) {
$lockData[$key] = new \stdClass();
}
}
if (is_array($lockData['stability-flags'])) {
ksort($lockData['stability-flags']);
}
return $lockData;
}
/**
* @param PackageInterface[] $packages
*
* @return mixed[][]
*
* @phpstan-return list<array<string, mixed>>
*/
private function lockPackages(array $packages) : array {
$locked = [];
foreach ($packages as $package) {
if ($package instanceof AliasPackage) {
continue;
}
$name = $package->getPrettyName();
$version = $package->getPrettyVersion();
if (!$name || !$version) {
throw new \LogicException(sprintf('Package "%s" has no version or name and can not be locked', $package));
}
$spec = $this->dumper
->dump($package);
unset($spec['version_normalized']);
// always move time to the end of the package definition
$time = $spec['time'] ?? null;
unset($spec['time']);
if ($package->isDev() && $package->getInstallationSource() === 'source') {
// use the exact commit time of the current reference if it's a dev package
$time = $this->getPackageTime($package) ?: $time;
}
if (null !== $time) {
$spec['time'] = $time;
}
unset($spec['installation-source']);
$locked[] = $spec;
}
usort($locked, static function ($a, $b) {
$comparison = strcmp($a['name'], $b['name']);
if (0 !== $comparison) {
return $comparison;
}
// If it is the same package, compare the versions to make the order deterministic
return strcmp($a['version'], $b['version']);
});
return $locked;
}
/**
* Returns the packages's datetime for its source reference.
*
* @param PackageInterface $package The package to scan.
* @return string|null The formatted datetime or null if none was found.
*/
private function getPackageTime(PackageInterface $package) : ?string {
if (!function_exists('proc_open')) {
return null;
}
$path = $this->installationManager
->getInstallPath($package);
if ($path === null) {
return null;
}
$path = realpath($path);
$sourceType = $package->getSourceType();
$datetime = null;
if ($path && in_array($sourceType, [
'git',
'hg',
])) {
$sourceRef = $package->getSourceReference() ?: $package->getDistReference();
switch ($sourceType) {
case 'git':
GitUtil::cleanEnv();
$command = array_merge([
'git',
'log',
'-n1',
'--pretty=%ct',
(string) $sourceRef,
], GitUtil::getNoShowSignatureFlags($this->process));
if (0 === $this->process
->execute($command, $output, $path) && Preg::isMatch('{^\\s*\\d+\\s*$}', $output)) {
$datetime = new \DateTime('@' . trim($output), new \DateTimeZone('UTC'));
}
break;
case 'hg':
if (0 === $this->process
->execute([
'hg',
'log',
'--template',
'{date|hgdate}',
'-r',
(string) $sourceRef,
], $output, $path) && Preg::isMatch('{^\\s*(\\d+)\\s*}', $output, $match)) {
$datetime = new \DateTime('@' . $match[1], new \DateTimeZone('UTC'));
}
break;
}
}
return $datetime ? $datetime->format(DATE_RFC3339) : null;
}
/**
* @return array<string>
*/
public function getMissingRequirementInfo(RootPackageInterface $package, bool $includeDev) : array {
$missingRequirementInfo = [];
$missingRequirements = false;
$sets = [
[
'repo' => $this->getLockedRepository(false),
'method' => 'getRequires',
'description' => 'Required',
],
];
if ($includeDev === true) {
$sets[] = [
'repo' => $this->getLockedRepository(true),
'method' => 'getDevRequires',
'description' => 'Required (in require-dev)',
];
}
$rootRepo = new RootPackageRepository(clone $package);
foreach ($sets as $set) {
$installedRepo = new InstalledRepository([
$set['repo'],
$rootRepo,
]);
foreach (call_user_func([
$package,
$set['method'],
]) as $link) {
if (PlatformRepository::isPlatformPackage($link->getTarget())) {
continue;
}
if ($link->getPrettyConstraint() === 'self.version') {
continue;
}
if ($installedRepo->findPackagesWithReplacersAndProviders($link->getTarget(), $link->getConstraint()) === []) {
$results = $installedRepo->findPackagesWithReplacersAndProviders($link->getTarget());
if ($results !== []) {
$provider = reset($results);
$description = $provider->getPrettyVersion();
if ($provider->getName() !== $link->getTarget()) {
foreach ([
'getReplaces' => 'replaced as %s by %s',
'getProvides' => 'provided as %s by %s',
] as $method => $text) {
foreach (call_user_func([
$provider,
$method,
]) as $providerLink) {
if ($providerLink->getTarget() === $link->getTarget()) {
$description = sprintf($text, $providerLink->getPrettyConstraint(), $provider->getPrettyName() . ' ' . $provider->getPrettyVersion());
break 2;
}
}
}
}
$missingRequirementInfo[] = '- ' . $set['description'] . ' package "' . $link->getTarget() . '" is in the lock file as "' . $description . '" but that does not satisfy your constraint "' . $link->getPrettyConstraint() . '".';
}
else {
$missingRequirementInfo[] = '- ' . $set['description'] . ' package "' . $link->getTarget() . '" is not present in the lock file.';
}
$missingRequirements = true;
}
}
}
if ($missingRequirements) {
$missingRequirementInfo[] = 'This usually happens when composer files are incorrectly merged or the composer.json file is manually edited.';
$missingRequirementInfo[] = 'Read more about correctly resolving merge conflicts https://getcomposer.org/doc/articles/resolving-merge-conflicts.md';
$missingRequirementInfo[] = 'and prefer using the "require" command over editing the composer.json file directly https://getcomposer.org/doc/03-cli.md#require-r';
}
return $missingRequirementInfo;
}
}Members
| Title Sort descending | Modifiers | Object type | Summary |
|---|---|---|---|
| Locker::$contentHash | private | property | @var string |
| Locker::$dumper | private | property | @var ArrayDumper |
| Locker::$hash | private | property | @var string |
| Locker::$installationManager | private | property | @var InstallationManager |
| Locker::$loader | private | property | @var ArrayLoader |
| Locker::$lockDataCache | private | property | @var mixed[]|null |
| Locker::$lockFile | private | property | @var JsonFile |
| Locker::$process | private | property | @var ProcessExecutor |
| Locker::$virtualFileWritten | private | property | @var bool |
| Locker::fixupJsonDataType | private | function | Ensures correct data types and ordering for the JSON lock format |
| Locker::getAliases | public | function | @phpstan-return list<array{package: string, version: string, alias: string, alias_normalized: string}> |
| Locker::getContentHash | public static | function | Returns the md5 hash of the sorted content of the composer file. |
| Locker::getDevPackageNames | public | function | |
| Locker::getJsonFile | public | function | @internal |
| Locker::getLockData | public | function | |
| Locker::getLockedRepository | public | function | Searches and returns an array of locked packages, retrieved from registered repositories. |
| Locker::getMinimumStability | public | function | |
| Locker::getMissingRequirementInfo | public | function | |
| Locker::getPackageTime | private | function | Returns the packages's datetime for its source reference. |
| Locker::getPlatformOverrides | public | function | |
| Locker::getPlatformRequirements | public | function | Returns the platform requirements stored in the lock file |
| Locker::getPluginApi | public | function | |
| Locker::getPreferLowest | public | function | |
| Locker::getPreferStable | public | function | |
| Locker::getStabilityFlags | public | function | |
| Locker::isFresh | public | function | Checks whether the lock file is still up to date with the current hash |
| Locker::isLocked | public | function | Checks whether locker has been locked (lockfile found). |
| Locker::lockPackages | private | function | @phpstan-return list<array<string, mixed>> |
| Locker::setLockData | public | function | Locks provided data into lockfile. |
| Locker::updateHash | public | function | Updates the lock file's hash in-place from a given composer.json's JsonFile |
| Locker::__construct | public | function | Initializes packages locker. |